Hooray once again for the media either not understanding or just choosing to disregard actual facts. This was followed up with "Gmail accounts also had their passwords stolen", implying that both Hotmail and Gmail have massive security holes where there are none.

This is merely a case of user stupidity. It has nothing to do with Hotmail or Gmail except that the phishers pretended to be those services. Unless you are stupid, your password is safe.

Forty-two percent of the passwords used lowercase letters from “a to z”; only 6 percent mixed alpha-numeric and other characters.

We use such gems at work as "qwert", all lower case, and "oakdale", the street our office is on. However, the hardest one to crack is simply "diamond". I have tried to get these changed but have been told anything else is too hard to remember...